Life is a Roller Coaster

February 24, 2009

Hello :)

Filed under: General — adisubrata @ 2:19 AM

Hello world….

I haven’t checked this blog for a couple of months. Sorry I haven’t written anything for a couple of months.

I’m tied up with something here at my customer :) … Besides that, I prepared for the JNCIE-M exam last month. There was a flood at my house here. It was a terrible situation; I had to evacuate my family twice within 2 weeks.

I hope I can write another techie post in the next couple of days.

Many things happened during my absence here. The biggest thing is the global crisis. We are now living in a global crisis where every company is trying to cut costs in every possible way. Some companies have laid off their employees too :(

I hope everything gets better soon :)

December 6, 2008

Useful item to convert MS Outlook to Apple Mac

Filed under: General — adisubrata @ 12:34 AM

Got this link from my friend and it’s very useful.

http://www.schwie.com/brad/?p=22

October 29, 2008

L2Circuits – CoC

Filed under: General — adisubrata @ 1:43 AM

The objective of this experiment is to connect two separate networks using L2CCC over MPLS on VPN services (CoC).

CE1 and CE2 want to connect to each other. The MPLS operator provides them with CoC termination on PE1 and PE2. The MPLS provider needs to enable MPLS sessions towards the CE.
After the MPLS sessions are created on each router, PEA and PEB create L2Circuit connections to each other.

Step 1: Configure MP-BGP on PE1 and PE2 to carry L3VPN unicast.

enugadi@JNCIE-M# show logical-routers PE1 protocols bgp
group ibgp {
    type internal;
    local-address 100.0.0.1;
    family inet-vpn {
        unicast;
    }
    neighbor 100.0.0.3;
}

[edit]
enugadi@JNCIE-M# show logical-routers PE2 protocols bgp   
group ibgp {
    type internal;
    local-address 100.0.0.3;
    family inet-vpn {
        unicast;
    }
    neighbor 100.0.0.1;
}

Step 2: Configure L3VPN and policies on PE1 and PE2.

Note: Since the PE-CE protocol used is OSPF, you need an export policy to redistribute BGP prefixes into OSPF. An egress policy is needed to ensure that the Lo0 of the PE is sent to the CE.

L3VPN Configuration on PE1

enugadi@JNCIE-M# show logical-routers PE1 routing-instances
NPE-VRF {
    instance-type vrf;
    interface fe-1/3/0.15;
    interface lo0.888;
    route-distinguisher 1:2;
    vrf-import csc-import;
    vrf-export csc-export;
    vrf-table-label;
    protocols {
        ospf {
            export bgp-to-ospf;
            area 0.0.0.11 {
                interface fe-1/3/0.15;
                interface lo0.888;
            }
        }
        ldp {
            egress-policy bgp-to-ospf;
            interface fe-1/3/0.15;
            interface lo0.888;
        }
    }
}

[edit]
enugadi@JNCIE-M# show logical-routers PE1 policy-options policy-statement csc-import
term 1 {
    from {
        protocol bgp;
        community csc-comm;
    }
    then accept;
}
term 2 {
    then reject;
}

[edit]
enugadi@JNCIE-M# show logical-routers PE1 policy-options policy-statement csc-export   
term 1 {
    from protocol ldp;
    then {
        community add csc-comm;
        accept;
    }
}
term 2 {
    then reject;
}

L3VPN Configuration on PE2:

enugadi@JNCIE-M# show logical-routers PE2 routing-instances
NPE-VRF-B {
    instance-type vrf;
    interface fe-1/3/0.34;
    interface lo0.999;
    route-distinguisher 1:1;
    vrf-import csc-import;
    vrf-export csc-export;
    vrf-table-label;
    protocols {
        ospf {
            export bgp-to-ospf;
            area 0.0.0.10 {
                interface fe-1/3/0.34;
                interface lo0.999;
            }
        }
        ldp {
            egress-policy bgp-to-ospf;
            interface fe-1/3/0.34;
            interface lo0.999;
        }
    }
}

[edit]
enugadi@JNCIE-M# show logical-routers PE2 policy-options policy-statement csc-import
term 1 {
    from {
        protocol bgp;
        community csc-comm;
    }
    then accept;
}
term 2 {
    then reject;
}

[edit]
enugadi@JNCIE-M# show logical-routers PE2 policy-options policy-statement csc-export   
term 1 {
    from protocol ldp;
    then {
        community add csc-comm;
        accept;
    }
}
term 2 {
    then reject;
}

Step 3: Verify the BGP connection from PE1 to PE2 and vice versa. Verify the PE-CE OSPF neighbor state.

Verification on PE1:

enugadi@JNCIE-M# run show bgp summary logical-router PE1
Groups: 1 Peers: 1 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.l3vpn.0            1          1          0          0          0          0
Peer               AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Damped...
100.0.0.3       64000         54         60       0       0       21:46 Establ
bgp.l3vpn.0: 1/1/0
NPE-VRF.inet.0: 1/1/0
[edit]
enugadi@JNCIE-M# run show ospf neighbor logical-router PE1 instance NPE-VRF
Address          Interface              State     ID               Pri  Dead
15.15.0.2        fe-1/3/0.15            Full      100.0.0.1        128    34

Verification on PE2

enugadi@JNCIE-M# run show bgp summary logical-router PE2
Groups: 1 Peers: 1 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.l3vpn.0            2          2          0          0          0          0
Peer               AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Damped...
100.0.0.1       64000         60         57       0       0       22:12 Establ
bgp.l3vpn.0: 2/2/0
NPE-VRF-B.inet.0: 2/2/0
[edit]
enugadi@JNCIE-M# run show ospf neighbor logical-router PE2 instance NPE-VRF-B
Address          Interface              State     ID               Pri  Dead
13.13.0.2        fe-1/3/0.34            Full      100.0.0.4        128    32

Well, all protocols are working as expected.

Step 4: Verify LDP session on PE-CE connection.

enugadi@JNCIE-M# run show ldp neighbor logical-router PE1 instance NPE-VRF
Address            Interface          Label space ID         Hold time
15.15.0.2          fe-1/3/0.15        100.0.0.1:0              11
[edit]
enugadi@JNCIE-M# run show ldp neighbor logical-router PE2 instance NPE-VRF-B
Address            Interface          Label space ID         Hold time
13.13.0.2          fe-1/3/0.34        100.0.0.4:0              11

Step 5: Verify PEA receives FEC of PEB (10.0.100.4).

enugadi@JNCIE-M# run show route logical-router PEA table inet.3 

inet.3: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

100.0.0.1/32       *[LDP/9] 00:17:29, metric 1
                    > to 15.16.0.1 via fe-1/3/0.16
100.0.0.4/32       *[LDP/9] 00:17:28, metric 1
                    > to 15.16.0.1 via fe-1/3/0.16, Push 100048

Step 6: Configure L2Circuit from PEA to PEB and vice versa.

enugadi@JNCIE-M# show logical-routers PEA protocols l2circuit
neighbor 100.0.0.4 {
    interface ge-0/0/3.0 {
        virtual-circuit-id 15;
    }
}

[edit]
enugadi@JNCIE-M# show logical-routers PEA interfaces ge-0/0/3   
unit 0;

enugadi@JNCIE-M# show logical-routers PEB protocols l2circuit   
neighbor 100.0.0.5 {
    interface ge-0/0/0.0 {
        virtual-circuit-id 15;
    }
}

enugadi@JNCIE-M# show logical-routers PEB interfaces ge-0/0/0    
unit 0;

Step 7: Verify L2Circuits connection

enugadi@JNCIE-M# run show l2circuit connections logical-router PEA   
Layer-2 Circuit Connections:

Legend for connection status (St)  
EI -- encapsulation invalid      NP -- interface h/w not present  
MM -- mtu mismatch               Dn -- down                      
EM -- encapsulation mismatch     VC-Dn -- Virtual circuit Down   
CM -- control-word mismatch      Up -- operational               
VM -- vlan id mismatch           CF -- Call admission control failure
OL -- no outgoing label          XX -- unknown
NC -- intf encaps not CCC/TCC
CB -- rcvd cell-bundle size bad

Legend for interface status 
Up -- operational           
Dn -- down                  
Neighbor: 100.0.0.4
    Interface                 Type  St     Time last up          # Up trans
    ge-0/0/3.0(vc 15)         rmt   Up     Oct 29 04:15:46 2008           2
      Local interface: ge-0/0/3.0, Status: Up, Encapsulation: ETHERNET
      Remote PE: 100.0.0.4, Negotiated control-word: Yes (Null)
      Incoming label: 100000, Outgoing label: 100000

[edit]
enugadi@JNCIE-M# run show l2circuit connections logical-router PEB   
Layer-2 Circuit Connections:

Legend for connection status (St)  
EI -- encapsulation invalid      NP -- interface h/w not present  
MM -- mtu mismatch               Dn -- down                      
EM -- encapsulation mismatch     VC-Dn -- Virtual circuit Down   
CM -- control-word mismatch      Up -- operational               
VM -- vlan id mismatch           CF -- Call admission control failure
OL -- no outgoing label          XX -- unknown
NC -- intf encaps not CCC/TCC
CB -- rcvd cell-bundle size bad

Legend for interface status 
Up -- operational           
Dn -- down                  
Neighbor: 100.0.0.5
    Interface                 Type  St     Time last up          # Up trans
    ge-0/0/0.0(vc 15)         rmt   Up     Oct 29 04:15:48 2008           1
      Local interface: ge-0/0/0.0, Status: Up, Encapsulation: ETHERNET
      Remote PE: 100.0.0.5, Negotiated control-word: Yes (Null)
      Incoming label: 100000, Outgoing label: 100000

Since the L2Circuit between PEA and PEB is in the Up state, CE1 should be able to connect to CE2.

enugadi@JNCIE-M# run ping 172.16.0.2 logical-router CE1 rapid count 100     
PING 172.16.0.2 (172.16.0.2): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--- 172.16.0.2 ping statistics ---
100 packets transmitted, 100 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.066/1.129/3.223/0.278 ms

Check OSPF neighbor state on CE1 and CE2

enugadi@JNCIE-M# run show ospf neighbor logical-router CE1
Address          Interface              State     ID               Pri  Dead
172.16.0.2       ge-0/0/2.0             Full      22.22.22.22      128    39

[edit]
enugadi@JNCIE-M# run show ospf neighbor logical-router CE2   
Address          Interface              State     ID               Pri  Dead
172.16.0.1       ge-0/0/1.0             Full      11.11.11.11      128    32

Well, it’s working as expected.

You can download the complete configuration here: coc-l2circuits.
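
The Step 7 check can be automated. The following is an added example, not part of the original post: it parses `show l2circuit connections` output from both ends and reports any circuit that is not Up or whose virtual-circuit-id differs. The PEB_BAD sample and the function names are constructed for illustration.

```python
import re

# Status codes copied from the legend printed by the command (subset).
LEGEND = {"Up": "operational", "Dn": "down", "MM": "mtu mismatch",
          "EM": "encapsulation mismatch", "CM": "control-word mismatch",
          "VM": "vlan id mismatch", "OL": "no outgoing label",
          "VC-Dn": "virtual circuit down", "NP": "interface h/w not present"}
NEIGHBOR = re.compile(r"^Neighbor:\s+(\S+)")
CONN = re.compile(r"^\s+(\S+)\(vc (\d+)\)\s+(\S+)\s+(\S+)")

# Neighbor and connection lines taken from the Step 7 output above.
PEA = """Neighbor: 100.0.0.4
    ge-0/0/3.0(vc 15)         rmt   Up     Oct 29 04:15:46 2008           2
"""
PEB = """Neighbor: 100.0.0.5
    ge-0/0/0.0(vc 15)         rmt   Up     Oct 29 04:15:48 2008           1
"""
# Constructed failure case (not from the page): wrong VC id, no outgoing label.
PEB_BAD = """Neighbor: 100.0.0.5
    ge-0/0/0.0(vc 16)         rmt   OL
"""

def parse(output):
    """Return one dict per circuit found in the command output."""
    circuits, neighbor = [], None
    for line in output.splitlines():
        if m := NEIGHBOR.match(line):
            neighbor = m.group(1)
        elif m := CONN.match(line):
            circuits.append({"neighbor": neighbor, "interface": m.group(1),
                             "vc": int(m.group(2)), "status": m.group(4)})
    return circuits

def problems(local, remote):
    """Compare the two ends of one pseudowire; an empty list means healthy."""
    found = []
    for end in (local, remote):
        if end["status"] != "Up":
            meaning = LEGEND.get(end["status"], "unknown")
            found.append(f"{end['interface']}: {end['status']} ({meaning})")
    if local["vc"] != remote["vc"]:
        found.append(f"vc id mismatch: {local['vc']} != {remote['vc']}")
    return found
```

The full command output, legend included, can be passed to `parse()` unchanged, because legend and detail lines match neither pattern.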

October 14, 2008

Awesome guitar player !!

Filed under: General — adisubrata @ 1:11 AM

Finally, Trace Bundy and SungHa Jung made a collaboration, playing Canon.

Nice play.. indeed…. I really enjoy this music.

June 28, 2008

How long you can survive??

Filed under: General — adisubrata @ 5:56 AM

This router has survived without a restart for almost 3 years :D

Nice !!!!

hidden@hidden> show chassis routing-engine
Routing Engine status:
Slot 0:
Current state                  Master
Election priority              Master
Temperature                 35 degrees C / 95 degrees F
CPU temperature             37 degrees C / 98 degrees F
DRAM                      2048 MB
Memory utilization          17 percent
CPU utilization:
User                       5 percent
Background                 0 percent
Kernel                     4 percent
Interrupt                  2 percent
Idle                      90 percent
Model                          RE-4.0
Serial ID                      P11123902724
Start time                     2005-11-28 16:15:14 JAVT
Uptime                        942 days, 13 hours, 34 minutes, 56 seconds

Load averages:                 1 minute   5 minute  15 minute
0.45       0.51       0.49

February 29, 2008

Youtube.com Hijack Case Study (Analysis from RIPE.net)

Filed under: General — adisubrata @ 11:14 AM

It reminds me how inter-AS connections have to trust one another. They just advertised the same prefix with more specific subnets. According to the BGP rule, the longest matching subnet would be preferred.

On Sunday, 24 February 2008, Pakistan Telecom (AS17557) started an unauthorised announcement of the prefix 208.65.153.0/24. One of Pakistan Telecom’s upstream providers, PCCW Global (AS3491) forwarded this announcement to the rest of the Internet, which resulted in the hijacking of YouTube traffic on a global scale.

In this report we show how the events were seen by RIPE NCC’s Routing Information Service (RIS) and how, in general, one can use the RIS tools to obtain hard data on network events.

Event Timeline

  • Before, during and after Sunday, 24 February 2008: AS36561 (YouTube) announces 208.65.152.0/22. Note that AS36561 also announces other prefixes, but they are not involved in the event.
  • Sunday, 24 February 2008, 18:47 (UTC): AS17557 (Pakistan Telecom) starts announcing 208.65.153.0/24. AS3491 (PCCW Global) propagates the announcement. Routers around the world receive the announcement, and YouTube traffic is redirected to Pakistan.
  • Sunday, 24 February 2008, 20:07 (UTC): AS36561 (YouTube) starts announcing 208.65.153.0/24. With two identical prefixes in the routing system, BGP policy rules, such as preferring the shortest AS path, determine which route is chosen. This means that AS17557 (Pakistan Telecom) continues to attract some of YouTube’s traffic.
  • Sunday, 24 February 2008, 20:18 (UTC): AS36561 (YouTube) starts announcing 208.65.153.128/25 and 208.65.153.0/25. Because of the longest prefix match rule, every router that receives these announcements will send the traffic to YouTube.
  • Sunday, 24 February 2008, 20:51 (UTC): All prefix announcements, including the hijacked /24 which was originated by AS17557 (Pakistan Telecom) via AS3491 (PCCW Global), are seen prepended by another 17557. The longer AS path means that more routers prefer the announcement originated by YouTube.
  • Sunday, 24 February 2008, 21:01 (UTC): AS3491 (PCCW Global) withdraws all prefixes originated by AS17557 (Pakistan Telecom), thus stopping the hijack of 208.65.153.0/24. Note that AS17557 was not completely disconnected by AS3491. Prefixes originated by other Pakistani ASs were still announced by AS17557 through AS3491.

See the complete analysis here
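
The timeline can be replayed to see both what a monitor would flag and which origin longest-prefix matching selects at each step. This is an added example, not code from RIPE or from the original post: the event list is constructed from the timeline above, and the allow-list, target host and function names are assumptions. AS-path length is not modelled, so the 20:51 prepend is left out and a tie on prefix length returns both origins.

```python
import ipaddress

# Constructed from the timeline above: (UTC time, origin AS, prefix, action).
# "00:00" stands for the /22 that was already announced before the event.
EVENTS = [
    ("00:00", 36561, "208.65.152.0/22", "announce"),
    ("18:47", 17557, "208.65.153.0/24", "announce"),
    ("20:07", 36561, "208.65.153.0/24", "announce"),
    ("20:18", 36561, "208.65.153.0/25", "announce"),
    ("20:18", 36561, "208.65.153.128/25", "announce"),
    ("21:01", 17557, "208.65.153.0/24", "withdraw"),
]
# Assumed allow-list: the covering prefix and the only AS expected to originate it.
EXPECTED = {ipaddress.ip_network("208.65.152.0/22"): 36561}
TARGET = "208.65.153.10"  # constructed host inside the hijacked /24

def unexpected_origin(prefix, origin):
    """True if prefix lies inside a monitored block but has a foreign origin AS."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(cover) and origin != asn
               for cover, asn in EXPECTED.items())

def origins_for(rib, address):
    """Origin ASes of the longest prefix in rib that covers address."""
    addr = ipaddress.ip_address(address)
    covering = [(net, asn) for net, asn in rib if addr in net]
    if not covering:
        return set()
    longest = max(net.prefixlen for net, _ in covering)
    return {asn for net, asn in covering if net.prefixlen == longest}

def replay(events, address):
    """Return (alerts, origins selected for address after each event)."""
    rib, alerts, selected = set(), [], []
    for time, origin, prefix, action in events:
        entry = (ipaddress.ip_network(prefix), origin)
        if action == "announce":
            rib.add(entry)
            if unexpected_origin(prefix, origin):
                alerts.append((time, origin, prefix))
        else:
            rib.discard(entry)
        selected.append((time, origins_for(rib, address)))
    return alerts, selected

if __name__ == "__main__":
    for row in sum(replay(EVENTS, TARGET), []):
        print(row)
```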
